Bug 790037
| Summary: | virsh --connect qemu:///system fails: Authorization requires authentication but no agent is available. | |||
|---|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Frank Murphy <sysoutfran> | |
| Component: | libvirt | Assignee: | Libvirt Maintainers <libvirt-maint> | |
| Status: | CLOSED WORKSFORME | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | |
| Severity: | unspecified | Docs Contact: | ||
| Priority: | unspecified | |||
| Version: | 18 | CC: | berrange, clalancette, crobinso, dougsland, dpierce, eblake, hbrock, itamar, jforbes, laine, libvirt-maint, rjones, veillard, virt-maint | |
| Target Milestone: | --- | Keywords: | Reopened | |
| Target Release: | --- | |||
| Hardware: | Unspecified | |||
| OS: | Unspecified | |||
| Whiteboard: | ||||
| Fixed In Version: | Doc Type: | Bug Fix | ||
| Doc Text: | Story Points: | --- | ||
| Clone Of: | ||||
| : | 795978 (view as bug list) | Environment: | ||
| Last Closed: | 2012-11-01 12:41:55 UTC | Type: | --- | |
| Regression: | --- | Mount Type: | --- | |
| Documentation: | --- | CRM: | ||
| Verified Versions: | Category: | --- | ||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
| Cloudforms Team: | --- | Target Upstream Version: | ||
| Embargoed: | ||||
| Bug Depends On: | ||||
| Bug Blocks: | 795978 | |||
Does virsh --connect qemu:///system as regular user work? Or is this specific to virt-manager? Did that policykit configuration work on f16? (In reply to comment #1) > Does virsh --connect qemu:///system as regular user work? Or is this specific > to virt-manager? frank@testvm ~$ virsh --connect qemu:///system WARNING: gnome-keyring:: couldn't connect to: /tmp/keyring-D69WWU/pkcs11: No such file or directory error: authentication failed: Not authorized. error: failed to connect to the hypervisor > > Did that policykit configuration work on f16? yes. Xfce Host but. Gnome-Keyring, coolkey + deps are installed Will look further in the morning. Moving to libvirt for now since it's not virt-manager specific Uncertain if this is complicit: http://lists.fedoraproject.org/pipermail/test/2012-February/105736.html Could possibly be a case of needing to backport this:
commit fcdfa31f3cad32f41ef5e7933c58d986ab7fc6c9
Author: Jim Fehlig <jfehlig>
Date: Wed Feb 15 10:01:50 2012 -0700
Fix polkit0 authentication
Commit 7033c5f2 introduced some bugs in polkit0 authentication.
Fix libvirtd segfault in remoteDispatchAuthPolkit().
Fix polkit authentication bypass when caller UID = 0.
polkit0 isn't in F17, so I think this was just some transient f17/rawhide breakage. Closing as NOTABUG Can you re-consider? As logged in user: ~$ virsh --connect qemu:///system error: authentication failed: Not authorized. error: failed to connect to the hypervisor Sure Frank, reopening. This is on an up to date F17? Fully updated Xfce host with all necessary virt-apps. Frank, can you show output of the following: sudo killall polkitd /usr/libexec/polkit-1/polkitd --no-debug sudo /usr/libexec/polkit-1/polkitd and in another terminal pkcheck --action-id org.libvirt.unix.manage --allow-user-interaction --process $BASHPID frank@testvm ~$ sudo killall polkitd [sudo] password for frank: frank@testvm ~$ /usr/libexec/polkit-1/polkitd --no-debug frank@testvm ~$ sudo /usr/libexec/polkit-1/polkitd Entering main event loop Connected to the system bus Registering null backend at priority -10 Using authority class PolkitBackendLocalAuthority Acquired the name org.freedesktop.PolicyKit1 2nd terminal frank@testvm ~$ pkcheck --action-id org.libvirt.unix.manage --allow-user-interaction --process $BASHPID Not authorized. Must have been a weekend update I missed, this morning as logged in user on host:
~$ virsh --connect qemu:///system
WARNING: gnome-keyring:: couldn't connect to: /home/frank/.cache/keyring-oh45Dr/pkcs11: No such file or directory
Welcome to virsh, the virtualization interactive terminal.
Type: 'help' for help with commands
'quit' to quit
virsh #
virt-manager also connected as user.
Okay, closing per comment #12 Reopening, as I see this error on Fedora 18: $ virsh --connect qemu:///system list error: authentication failed: polkit\56retains_authorization_after_challenge=1 Authorization requires authentication but no agent is available. error: failed to connect to the hypervisor What's particularly annoying about this error is that it is not actionable. It doesn't say what "agent" needs to be running or what other steps the user can take to fix the error. libvirt-0.10.2-3.fc18.x86_64 polkit-0.107-3.fc18.x86_64 SELinux is permissive. '/usr/sbin/libvirtd' is running. '/usr/lib/polkit-1/polkitd --no-debug' is running. Hmm, maybe this is a slightly different bug. I have opened a new bug 872166. |
Description of problem: 1: enable dbus.service 2. enable avahi-daemon.service 3. start libvirtd.service on command line: systemctl status libvirtd.service libvirtd.service - Virtualization daemon Loaded: loaded (/usr/lib/systemd/system/libvirtd.service; enabled) Active: active (running) since Mon, 13 Feb 2012 14:07:21 +0000; 18s ago Main PID: 1830 (libvirtd) CGroup: name=systemd:/system/libvirtd.service ├ 1830 /usr/sbin/libvirtd └ 1935 /sbin/dnsmasq --strict-order --bind-interfaces --pid-file=/var/run/libvirt/network/default.pid --conf-file= --ex... Feb 13 14:07:23 testvm libvirtd[1830]: 2012-02-13 14:07:23.694+0000: 1841: error : virCommandWait:2308 : internal error Child proce...ebtables Feb 13 14:07:23 testvm libvirtd[1830]: cmd='$EBT -t nat -L' Feb 13 14:07:23 testvm libvirtd[1830]: eval res=\$\("${cmd} 2>&1"\) Feb 13 14:07:23 testvm libvirtd[1830]: if [ $? -ne 0 ]; then echo "Failure to execute command '${cmd}' : '${res}'."; exit 1;fi Feb 13 14:07:23 testvm libvirtd[1830]: ) status unexpected: exit status 1 Feb 13 14:07:23 testvm libvirtd[1830]: 2012-02-13 14:07:23.773+0000: 1841: error : virCommandWait:2308 : internal error Child proce...p6tables Feb 13 14:07:23 testvm libvirtd[1830]: cmd='$IPT -n -L FORWARD' Feb 13 14:07:23 testvm libvirtd[1830]: eval res=\$\("${cmd} 2>&1"\) Feb 13 14:07:23 testvm libvirtd[1830]: if [ $? -ne 0 ]; then echo "Failure to execute command '${cmd}' : '${res}'."; exit 1;fi Feb 13 14:07:23 testvm libvirtd[1830]: ) status unexpected: exit status 1 in virt-manager window: Unable to connect to libvirt: authentication failed: Not authorized. Could not detect a local session: if you are running virt-manager over ssh -X or VNC, you may not be able to connect to libvirt as a regular user. Try running as root. Libvirt URI is: qemu:///system Traceback (most recent call last): File "/usr/share/virt-manager/virtManager/connection.py", line 1185, in _open_thread self.vmm = self._try_open() File "/usr/share/virt-manager/virtManager/connection.py", line 1167, in _try_open flags) File "/usr/lib64/python2.7/site-packages/libvirt.py", line 102, in openAuth if ret is None:raise libvirtError('virConnectOpenAuth() failed') libvirtError: authentication failed: Not authorized. But it should let me in due to: /var/lib/polkit-1/localauthority/50-local.d/virt-manager.pkl [Local virt-manager Permissions] Identity=unix-user:frank Action=org.libvirt.unix.* ResultAny=no ResultInactive=no ResultActive=yes Version-Release number of selected component (if applicable): libvirt-client-0.9.10-0rc2.fc17.x86_64 libvirt-0.9.10-0rc2.fc17.x86_64 libvirt-python-0.9.10-0rc2.fc17.x86_64 virt-manager-0.9.1-1.fc17.1.noarch virt-manager-common-0.9.1-1.fc17.1.noarch